(54) Conditional access system and smartcard allowing such access



(57) The invention relates to a conditional access
system allowing a service provider to supply services
only to those users who have acquired entitlements to
these services.

The services supplied by a service provider consist
of an item scrambled by control words. In order to keep
the control words secret, they are supplied after having
been encrypted with an algorithm with key K.

The entitlements of each user are forwarded in
messages commonly denoted EMM (the abbreviation
EMM standing for "Entitlement Management Messages").

According to the invention, the key K of the control 
words encryption algorithm is contained in the EMMs. 
control the validation of the entitlements of the user and
a circuit for validating the access conditions associated
with the service, the circuit for validating the access
conditions containing a second control key. The first control
key is different from the key K. According to the preferred
embodiment of the invention, the first control key
is a key individual to the card and hence different from
one card to another.

The invention further relates to a conditional access
system allowing a service provider to supply services
only to the users who have acquired entitlements to
these services, the said services consisting of an item
scrambled by control words, the said system comprising,
for each user, at least one decoder and at least one
user card, the said card containing, on the one hand,
circuits making it possible to validate and record the
entitlements of the user to the service delivered by the
provider, the said entitlements being conveyed to the user
card by a first message (EMM) and, on the other hand,
circuits making it possible to retrieve the control words
from the enciphered control words by an algorithm with
key K, the said enciphered control words being conveyed
to the user card by a second message (ECM).
The user card is a card such as that according to the
abovementioned invention and the first message (EMM)
is a message making it possible to define the entitlements
possessed by the user such as that according to
the abovementioned invention.

An advantage of the invention is considerably to
strengthen the protection of the services supplied by the
provider. Piracy in relation to one or more user cards
then offers practically no benefit to a would-be pirate any
more.

Other characteristics and advantages of the invention
will emerge on reading a preferred embodiment given
with reference to the appended figures, in which:

Figures 1a and 1b represent respectively a first and
a second EMM format according to the prior art;

Figure 2 represents the format of an ECM according
to the prior art;

Figure 3 represents the schematic of a user card
according to the prior art;

Figures 4a and 4b represent respectively a first
EMM format and a second EMM format according
to the invention;

Figure 5 represents the schematic of a user card
according to the invention.

In all the figures, the same labels designate the 
same elements. 

Figure 1a represents a first EMM format according
to the prior art.

The EMM represented in Figure 1a is composed of
a body C1a containing the three main items mentioned
earlier, and of a header 4, the content of which (H1)
gives, among other things, the type and size of the items
contained in the body C1a.



The body C1a consists of a first item 1 containing
the address (AD) of the user's card, of a second item 2
containing a description of the user's entitlements, and
of a third item 3 containing a cue HASH_K. The cue
HASH_K depends on the key K and makes it possible to
perform the analysis of the EMM mentioned earlier.

Figure 1b represents a second EMM format according
to the prior art.

The EMM consists of a header 4 and of a body C1b.
The body C1b consists of the items 5 and 6 containing
respectively the address AD of the user card and the
description of the user's entitlements enciphered with
the algorithm with key K and relating to the address AD
(E(user's entitlements)_(K,AD)). According to this EMM
format, the validation and verification of the entitlements
contained in the EMM are performed by the operation
of deciphering the enciphered entitlements.

Figure 2 represents the format of an ECM according
to the prior art.

The ECM consists of a body C2 and of a header 7,
the content (H2) of which gives, among other things, the
type and size of the items contained in the body C2.

The body C2 comprises, among other things, a first
item 8 containing the set of access conditions associated
with the service supplied by the service provider, a
second item 9 containing a control word Cwi enciphered
with the algorithm with key K (E(Cwi)_K) and a third item
10 containing a cue HASH_K depending on the key K and
making it possible to validate and verify the content of
the access conditions. The control word Cwi represents
the current control word, that is to say the control word
making it possible to descramble that part of the program
which is currently being read.

As is known to those skilled in the art, generally the
ECM which contains Cwi also contains a second control
word. This second control word is the control word of
the next descrambling period, that is to say the current
control word of the ECM which has to follow the ECM
which contains Cwi as current control word. This second
control word has not been represented in Figure 2 so as
not to fruitlessly encumber the drawing.

As is known to those skilled in the art, the ECMs are
forwarded by the service provider together with the
scrambled item IE(ECG).

The ECM format described in Figure 2 is merely one
example of an ECM format. In particular the order of the
various blocks (7, 8, 9, 10) making up the ECM described
in Figure 2 can be modified.

Figure 3 represents the schematic of a user card
according to the prior art.

The user card 11 contains five main circuits:

a circuit 12 for validating the user's entitlements;
a circuit 13 for storing the user's validated entitlements;
a circuit 14 for controlling the access;
a circuit 15 for validating the ECMs;
a circuit 27 for deciphering the enciphered control

the user

If the validated access conditions correspond to the
validated entitlements of the user, a signal Y(K) emanating
from the access control circuit 24 and applied to
the deciphering circuit 26 authorizes the deciphering of
the control words. The signal Y(K) contains the key K
so as to transmit the latter to the deciphering circuit 26.
The enciphered control words E(Cwi)_K are forwarded
from the validation circuit 25 to the deciphering circuit
26. The deciphering of the control words is then performed.
On completion of the various steps of the deciphering
procedure, the deciphered control words Cwi
are generated by the deciphering circuit 26 so as to allow
the descrambling of the scrambled item.

If the validated access conditions do not correspond
to the validated entitlements of the user, the deciphering
of the control words is not authorized. According to the
invention, validation of a user's entitlements is controlled
by a key KC individual to the user or to a group of
users. It follows that piracy in relation to a user card can
lead only to the jeopardizing of the pirated card itself as
well as the user cards of the same group of users if the
key KC is shared by one and the same group of users.

Advantageously, all the other user cards remain
protected.
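
The key separation described above, as an added sketch that is not part of the patent text: each card validates its EMM with its own key KC and obtains K from that EMM, then deciphers a control word only when the ECM's access conditions match a recorded entitlement. Assumptions: K travels in the EMM wrapped under KC, HMAC-SHA256 stands in for the validation cue, a toy XOR keystream stands in for the unspecified "algorithm with key K", the second control key is common to all cards, and every name below is hypothetical.

```python
import hashlib, hmac, os

def _stream(key, data):
    # Toy XOR keystream standing in for the unspecified "algorithm with key K".
    pad = hashlib.sha256(key).digest()          # handles data up to 32 bytes
    return bytes(a ^ b for a, b in zip(data, pad))

def _cue(key, *parts):
    # HMAC-SHA256 stands in for the validation cue; fields are length-prefixed.
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()

def make_emm(kc, address, entitlement, k):
    ek = _stream(kc, k)                         # assumption: K wrapped under KC
    return {"AD": address, "ent": entitlement, "EK": ek,
            "cue": _cue(kc, address, entitlement, ek)}

def make_ecm(k, kc2, condition, cw):
    ecw = _stream(k, cw)                        # E(Cwi) under key K
    return {"cond": condition, "ECW": ecw, "cue": _cue(kc2, condition, ecw)}

class Card:
    def __init__(self, address, kc, kc2):
        self.address, self.kc, self.kc2 = address, kc, kc2
        self.entitlements, self.k = set(), None

    def load_emm(self, emm):
        expected = _cue(self.kc, emm["AD"], emm["ent"], emm["EK"])
        ok = emm["AD"] == self.address and hmac.compare_digest(emm["cue"], expected)
        if ok:                                  # record entitlement, unwrap K
            self.entitlements.add(emm["ent"])
            self.k = _stream(self.kc, emm["EK"])
        return ok

    def control_word(self, ecm):
        expected = _cue(self.kc2, ecm["cond"], ecm["ECW"])
        valid = hmac.compare_digest(ecm["cue"], expected)
        if not (valid and self.k and ecm["cond"] in self.entitlements):
            return None                         # deciphering not authorized
        return _stream(self.k, ecm["ECW"])

def demo():
    # Constructed sample keys: K, second control key, control word, two card keys.
    k, kc2, cw, kc_a, kc_b = (os.urandom(n) for n in (16, 16, 8, 16, 16))
    card_a, card_b = Card(b"A", kc_a, kc2), Card(b"B", kc_b, kc2)
    emm_a, ecm = make_emm(kc_a, b"A", b"film-1", k), make_ecm(k, kc2, b"film-1", cw)
    return {"a_loads": card_a.load_emm(emm_a),
            "a_cw_ok": card_a.control_word(ecm) == cw,
            "b_rejects_copy": not card_b.load_emm({**emm_a, "AD": b"B"}),
            "b_cw": card_b.control_word(ecm)}
```

Card B refuses card A's EMM even when it is re-addressed, because the cue was computed under A's KC, so B never obtains K and returns no control word for the same ECM.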

According to the above-described embodiment of
the invention, the key K is the same for all the services
supplied by the provider. The invention allows the
implementation of embodiments for which the various
services supplied by the provider are scrambled with
control words enciphered with an algorithm whose
enciphering key differs from one service to another or from
one group of services to another.

This is particularly advantageous in the case of systems
commonly referred to as "off-line" systems for
which the scrambled item IE(ECG) and the ECMs are
contained on stand-alone data media such as, for
example, CDs ("Compact Discs"), DVDs ("Digital Video
Discs") or else CD-ROMs ("Compact-Disc Read Only
Memories").

Advantageously, piracy in relation to a user card is 
then even more devoid of benefit than in the case in 
which all the services of the provider are scrambled with 
control words enciphered with the same key K. Thus, 
piracy in relation to a user card then leads to only very 
partial access in respect of the various services supplied 
by the provider. 

Scrambling various services, such as for example
films, with an algorithm whose keys differ from one service
to another cannot be envisaged within the framework
of prior art conditional access systems for which the key
of the algorithm for enciphering the control words of a
service and the key associated with the algorithm for
validating the user's entitlements are identical.

Thus, the service provider would then have to supply
each user with a card individual to each service or
group of services. Such a proliferation of cards is
unrealistic, both for practical reasons and for cost reasons.



Generally, regardless of the embodiment of the invention,
that is to say whether the various services supplied
by the provider are associated with a single key for
enciphering the control words K or with different
enciphering keys Kj (j = 1, 2, ..., m), the invention relates
equally well to conditional access systems of the
"off-line" type as to conditional access systems of the
"on-line" type for which the scrambled item IE(ECG) is an
item consisting of a signal dispensed simultaneously to
the various customers of the service provider from a
single source.



Claims 


1. Message (EMM) making it possible to define the
entitlements (2) which a user possesses to a service
consisting of an item (IE(ECG)) scrambled with the
aid of control words (Cwi), the said control words
being supplied to the user after having been enciphered
by an algorithm with key K, the said message
(EMM) containing an item making it possible
to validate this message and to verify that the
entitlements which the latter contains are the entitlements
reserved for the user, the said item making
it possible to validate the message and to verify the
entitlements which the latter contains being controlled
by a key (KC), characterized in that the message
contains the key K of the algorithm for enciphering
the control words.

2. Message (EMM) according to Claim 1, characterized
in that the key (KC) controlling the item making
it possible to validate this message and to verify the
entitlements which the latter contains is different
from the key K of the algorithm for enciphering the
control words.

3. Message (EMM) according to Claim 1 or 2, characterized
in that the key (KC) controlling the item making
it possible to validate this message and to verify
the entitlements which the latter contains is individual
to each user or group of users.

4. Process making it possible to descramble a scrambled
service (IE(ECG)) supplied to at least one user,
the said service being scrambled with the aid of control
words (Cwi), the said process comprising a step
making it possible to supply the user with a first
message (ECM) containing at least one control
word enciphered with an algorithm with key K, a
step making it possible to supply a second message
(EMM) containing the entitlements of the user and
a step making it possible to validate and verify that
the entitlements contained in the second message
(EMM) are the entitlements reserved for the user,
characterized in that the key K is dispensed to the
user in the second message (EMM).